[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20161228212759.GC8557@zzz>
Date: Wed, 28 Dec 2016 15:27:59 -0600
From: Eric Biggers <ebiggers3@...il.com>
To: Theodore Ts'o <tytso@....edu>
Cc: Linux Filesystem Development List <linux-fsdevel@...r.kernel.org>,
Ext4 Developers List <linux-ext4@...r.kernel.org>,
stable@...r.kernel.org
Subject: Re: [PATCH] fscrypt: fix the test_dummy_encryption mount option
Hi Ted,
On Tue, Dec 27, 2016 at 07:51:47PM -0500, Theodore Ts'o wrote:
> Commit f1c131b45410a: "crypto: xts - Convert to skcipher" now fails
> the setkey operation if the AES key is the same as the tweak key.
> Previously this check was only done if FIPS mode is enabled. Now this
> check is also done if weak key checking was requested. This is
> reasonable, but since we were using the dummy key which was a constant
> series of 0x42 bytes, it now caused dummy encrpyption test mode to
> fail.
>
> Fix this by using 0x42... and 0x24... for the two keys, so they are
> different.
>
This problem would also be fixed by my patch to make the test_dummy_encryption
encryption keys go through the regular keyring lookup and key derivation paths,
which IMO is a better solution long-term:
fscrypt / ext4: make test_dummy_encryption require a keyring key
and corresponding xfstests-bld patch:
xfstests-bld: populate keyring with default key for test_dummy_encryption
Would it make any sense to apply those patches instead?
I'd also be okay with your patch for 4.10 and mine for 4.11 or something like
that.
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists